Test fix.

vverman · vverman · commit 61536186b8e5 · 2026-04-08T11:40:37.000-07:00
diff --git a/oauth2_http/java/com/google/auth/oauth2/SystemEnvironmentProvider.java b/oauth2_http/java/com/google/auth/oauth2/SystemEnvironmentProvider.java
@@ -1,3 +1,33 @@
+/*
+ * Copyright 2026 Google LLC
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google LLC nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
 package com.google.auth.oauth2;
 
 import com.google.api.core.InternalApi;
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java
@@ -40,8 +40,7 @@
 import static org.junit.jupiter.api.Assertions.assertSame;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.mockito.Mockito.spy;
-import static org.mockito.Mockito.verify;
+import static org.junit.jupiter.api.Assertions.fail;
 
 import com.google.api.client.http.HttpTransport;
 import com.google.api.client.json.GenericJson;
@@ -1053,14 +1052,8 @@ void build_withCertificateSource_succeeds() throws Exception {
   }
 
   @Test
-  void build_withCertificateSourceAndCustomX509Provider_success()
+  void build_withDefaultCertificateConfig_success()
       throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
-    // Create an empty KeyStore and a spy on a custom X509Provider.
-    KeyStore keyStore = KeyStore.getInstance("JKS");
-    keyStore.load(null, null);
-    TestX509Provider x509Provider =
-        spy(new TestX509Provider(keyStore, "/path/to/certificate.json"));
-
     // Set up credential source for certificate type.
     Map<String, Object> certificateMap = new HashMap<>();
     certificateMap.put("use_default_certificate_config", true);
@@ -1071,11 +1064,18 @@ void build_withCertificateSourceAndCustomX509Provider_success()
     MockExternalAccountCredentialsTransportFactory mockTransportFactory =
         new MockExternalAccountCredentialsTransportFactory();
 
-    // Build credentials with the custom provider.
+    // Use the pre-existing test configuration file to bypass well-known path resolution.
+    EnvironmentProvider mockEnvProvider =
+        name ->
+            "GOOGLE_API_CERTIFICATE_CONFIG".equals(name)
+                ? new File("testresources/mtls/certificate_config.json").getAbsolutePath()
+                : null;
+
+    // Build credentials using the default provider (no setX509Provider).
     IdentityPoolCredentials credentials =
         IdentityPoolCredentials.newBuilder()
-            .setX509Provider(x509Provider)
             .setHttpTransportFactory(mockTransportFactory)
+            .setEnvironmentProvider(mockEnvProvider)
             .setAudience("test-audience")
             .setSubjectTokenType("test-token-type")
             .setCredentialSource(credentialSource)
@@ -1091,9 +1091,6 @@ void build_withCertificateSourceAndCustomX509Provider_success()
         IdentityPoolCredentials.CERTIFICATE_METRICS_HEADER_VALUE,
         credentials.getCredentialSourceType(),
         "Metrics header should indicate certificate source");
-
-    // Verify the custom provider methods were called during build.
-    verify(x509Provider).getKeyStore();
   }
 
   @Test
